Historically, digital certificates were installed manually on client devices. This installation process often requires intensive input from network administrators. Accordingly, manual installation and management of certificates on client devices does not scale well for large organizations with numerous devices.
Several protocols exist to simplify and automate installation and management of certificates. These protocols, such as the simple certificate enrollment protocol (SCEP), allow network users to request their digital certificate electronically and automatically have it installed on their client device. However, these protocols suffer from a number of issues. For example, these protocols are not uniformly supported by all client devices, nor are these protocols supported by all certificate authorities. Moreover, a number of these protocols suffer from various security vulnerabilities.